Sha256: 4fc2e950105db75b58d3ab5de482cdd891e0ae2b4f0ed11cddfc7c5656c8e6dc

Contents?: true

Size: 1.53 KB

Versions: 1

Compression:

Stored size: 1.53 KB

Contents

## Content Security Policy

[![Build Status](https://secure.travis-ci.org/p0deje/content-security-policy.png)](http://travis-ci.org/p0deje/content-security-policy)

Implementation of Content Security Policy as Rack middleware.

More information about Content Security Policy - http://www.w3.org/TR/CSP/.

## Installation

Install as usually `gem install content-security-policy`

## Usage

Add Content Security Policy to your Rack configuration `config.ru`.

```ruby
require 'content-security-policy'

ContentSecurityPolicy.configure do |csp|
  csp['default-src'] = "'self'"
  csp['script-src']  = '*.example.com'
end

use ContentSecurityPolicy
run MyApplication
```

You can also pass directives during initialization.

```ruby
require 'content-security-policy'

use ContentSecurityPolicy, :directives => { 'policy-uri' => 'policy.xml' }
run MyApplication
```

You can also use report-only mode.

```ruby
require 'content-security-policy'

ContentSecurityPolicy.configure do |csp|
  csp.report_only = true
  csp['default-src'] = "'self'"
  csp['script-src']  = '*.example.com'
end

use ContentSecurityPolicy
run MyApplication
```

```ruby
require 'content-security-policy'

use ContentSecurityPolicy, :directives => { 'policy-uri' => 'policy.xml' }, :report_only => true
run MyApplication
```

## Status

Content Security Policy is now implemented with `Content-Security-Policy` (official name), `X-Content-Security-Policy` (Firefox and IE) and `X-WebKit-CSP` (Chrome and Safari) headers.

## Copyright

Copyright (c) 2012 Alexey Rodionov. See LICENSE for details.

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
content-security-policy-0.1.3 README.md